[wp-trac] [WordPress Trac] #26706: Allow custom authentication handlers for all requests

WordPress Trac noreply at wordpress.org
Sun Dec 22 13:59:08 UTC 2013


#26706: Allow custom authentication handlers for all requests
-------------------------+-----------------------------
 Reporter:  rmccue       |      Owner:
     Type:  enhancement  |     Status:  new
 Priority:  normal       |  Milestone:  Awaiting Review
Component:  General      |    Version:
 Severity:  minor        |   Keywords:
-------------------------+-----------------------------
 While it's possible to write custom authentication handlers with
 WordPress, these methods all eventually rely on using cookies to store the
 current user.

 It should be possible to switch out the other half of this equation. For
 example, OAuth handlers should be able to set the current user based on
 query parameters, as well as checking their own nonces.

 Currently, the main obstacle to this is `get_currentuserinfo()`, which is
 hardcoded to use `wp_validate_auth_cookie()`. To work around this, you
 have to check on `plugins_loaded` or a similar early hook; before any
 other code calls `is_user_logged_in()`, `wp_get_current_user()` or
 anything else that uses the underlying function.

 I'd like to propose adding a filter to replace the existing
 `wp_validate_auth_cookie()` call, and have it return a `WP_User`.
 `wp_validate_auth_cookie()` can then be hooked into this by default.

 (I don't have a patch for this one yet; just noting it so I don't forget.)

--
Ticket URL: <http://core.trac.wordpress.org/ticket/26706>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list